CVE-2012-0004

Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/47485
http://www.securityfocus.com/bid/51295
http://www.securitytracker.com/id?1026492
http://www.us-cert.gov/cas/techalerts/TA12-010A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832
http://secunia.com/advisories/47485
http://www.securityfocus.com/bid/51295
http://www.securitytracker.com/id?1026492
http://www.us-cert.gov/cas/techalerts/TA12-010A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x32:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2::itanium:::::
	cpe:2.3:o:microsoft:windows_server_2008:r2::x64:::::
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_xp:2005:sp3:media_center:::::*

History

21 Nov 2024, 01:34

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/47485 -~~	() http://secunia.com/advisories/47485 -
References	~~() http://www.securityfocus.com/bid/51295 -~~	() http://www.securityfocus.com/bid/51295 -
References	~~() http://www.securitytracker.com/id?1026492 -~~	() http://www.securitytracker.com/id?1026492 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA12-010A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA12-010A.html - US Government Resource
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832 -

07 Dec 2023, 18:38

Type	Values Removed	Values Added
CPE	cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::

Information

Published : 2012-01-10 21:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-0004

Mitre link : CVE-2012-0004

CVE.ORG link : CVE-2012-0004

JSON object : View

Products Affected

microsoft

windows_server_2003
windows_server_2008
windows_7
windows_vista
windows_xp

CWE

NVD-CWE-noinfo

{"id": "CVE-2012-0004", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-01-10T21:55:03.777", "references": [{"url": "http://secunia.com/advisories/47485", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/51295", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1026492", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/47485", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/51295", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1026492", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka \"DirectShow Remote Code Execution Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en DirectShow en DirectX de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2, R2 y R2 SP1, y Windows 7 Gold y SP1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo de los medios de comunicaci\u00f3n modificado. Esta vulnerabilidad esta relacionada con los filtros DirectShow Quartz.dll, Qdvd.dll y Line21. Tambien conocida como \"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Directshow.\""}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51"}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4"}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC916D5A-0644-4423-A52E-D4310906BE78"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:2005:sp3:media_center:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C706F71-6F28-4484-81DF-18FD573AC2AC"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}

9.3 /10